The present invention relates to computing, and in particular, to a systems and methods for secure access of data in a computer system.
Unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
In general, the concepts of “virtual” and “cloud computing” includes the utilization of a set of shared remote computing resources (e.g., remote servers) which are typically consolidated in one or more data center locations. For example, cloud computing systems may be implemented as a web service that enables a user to remotely launch and manage computing resources (e.g., virtual server instances) in third party data centers. In a cloud environment, remote computer resources may be available in different sizes and configurations so that different resource types can be specified to meet specific needs of different users. For example, one user may desire to use small instance as a web server and another larger instance as a database server, or an even larger instance for processor intensive applications. Cloud computing offers this type of outsourced flexibility without having to manage the purchase and operation of additional hardware resources within an organization.
A cloud-based computing resource is thought to execute or reside somewhere on the “cloud”, which may be a remote internal corporate network or the public Internet. From the perspective of an application developer or information technology administrator, cloud computing enables the development and deployment of applications that exhibit scalability (e.g., increase or decrease resource utilization as needed), performance (e.g., execute efficiently and fast), and reliability (e.g., never, or at least rarely, fail), all without any regard for the nature or location of the underlying infrastructure.
One shortcoming of cloud computing, as well as other remote computing techniques, pertains to the security of data on remote computer systems. Sensitive data on remote computer systems may be more vulnerable than data stored locally. For example, if data is stored on local computer systems (e.g., an on-premise installation in an office) a company has complete control over the storage and transmission of data while it is processed by the software. More specifically, data is stored in a local computer system that is owned and protected by the company itself, and data is only transmitted via the company's intranet, which in turn is protected through firewall, anti-virus, anti-spy and other security-related hardware and software.
In the context of cloud computing, data is processed in locations owned by a third party and the data must be transmitted over the Internet. While the data transmitted to remote resources on the cloud is typically secured via encryption and other mechanisms, there is still a loss of control and potential for a security breach.
FIG. 1 illustrates an example of a typical local and remote computer system. A local computer system 101 may be used to access a remote computer system (e.g., a cloud) 102 over a connection 110, such as the Internet. The remote computer system 102 may include computing resources 120A-B (e.g., server computers) for executing software programs. Remote computer system 102 may further store data 121A-B. If a user of local computer system 101 desires to access the remote data 121A-B, a query is executed on the remote computer system 102 against the remote data and the results are sent back local computer system 101, for example.
It is desirable to allow users to maintain more security over data when using remote computer systems, such as a cloud.